Biology Shows Us How To Prevent Hackers From Grabbing Data

From denial of service attacks to server crashes to day-long disruptions of Google Drive, almost all organizations are familiar with threats to their information security. Given that digital information is more central than ever, it's worrisome that the history of data security is littered with failure. Organizations seeking to be better prepared for and more resilient in response to information threats may want to draw on a far larger and older source of lessons on information security — the 3.5 billion year history of life. Tapping into biology's security database — which was developed by millions of species in response to extremely complex natural security problems — gives us first a wakeup call, then some practical guidance on how to keep our information secure. The wakeup call concerns our assumptions about the borders, barriers, and firewalls we construct in a valiant attempt to protect our data. In nature, barriers — between organic and inorganic chemicals, between land and sea, between species, between everything — have been built, tested, overcome, rebuilt, and overcome again with almost endless repetition. Barriers — be they cell walls, border walls, or firewalls — are at best a temporary imposition to an invader. In the same way that tightly controlled unicellular life eventually evolved into more open and distributed multicellular life, the rapid evolution of cyber threats has outpaced the evolution of defensive barriers. The lesson is simply that modern organizations should work under the basic assumption that almost anything electronic is now open source. My colleagues in climate science learned this the hard way when politically motivated hackers stole and released thousands of emails sent among scientists. Not only did sensitive data and preliminary analyses methods leak out, but the petty interpersonal spats and behind-the-back sniping that probably appear in all email chains were revealed in all their unappealing light. So how do we operate in an effectively open-source world without barriers? Here biology offers some get-off-your-ergonomic-chair-and-do-something advice. The biological world is also open source in the sense that threats are always present, largely unpredictable, and always changing. Because of this, defensive measures that are perfectly designed for a particular threat leave you vulnerable to other ones. Imagine if our immune system were designed to deal only with a single strain of flu. In fact, our immune system works because it looks for the full spectrum of invaders — low-level viral infections, bacterial parasites, or virulent strains of a pandemic disease. Too often, we create security measures — such as the Department of Homeland Security's BioWatch program — that spend too many resources to deal specifically with a very narrow range of threats on the risk spectrum. Advocates of full-spectrum approaches for biological and chemical weapons argue that weaponized agents are really a very small part of the risk and that we are better off developing strategies — like better public-health-response systems — that can deal with everything from natural mutations of viruses to lab accidents to acts of terrorism. Likewise, cyber crime is likely a small part of your digital-security risk spectrum. A full-spectrum approach favors generalized health over specialized defenses, and redundancy over efficiency. Organisms in nature, despite being constrained by resources, have evolved multiply redundant layers of security. DNA has multiple ways to code for the same proteins so that viral parasites can't easily hack it and disrupt its structure. Multiple data-backup systems are a simple method that most sensible organizations employ, but you can get more clever than that. For example, redundancy in nature sometimes takes the form of leaving certain parts unsecure to ensure that essential parts can survive attack. Lizards easily shed their tails to predators to allow the rest of the body (with the critical reproductive machinery) to escape. There may be sacrificial systems or information you can offer up as a decoy for a cyber-predator, in which case an attack becomes an advantage, allowing your organization to see the nature of the attacker and giving you time to add further security in the critical part of your information infrastructure. In the end, we are only vulnerable to digital information threats because we are so dependent on digital information. We have, by choice and not, become enmeshed in an escalation toward ever more technological reliance. Yet sometimes technology that starts as an adaptation becomes maladaptive. Retroviruses, such as HIV, use the technology of our immune system against us. The BBC made a modern recreation of the Domesday Book in the 1980s, smartly storing it on high-tech (for the 1980s) laser discs, which are now less accessible than the original book from 1086, which was written on parchment. Faced with continued technological escalation, the best strategy can simply be to step aside. Many successful organisms have split off from their species' escalatory pathways, so that the planet now has flightless birds, stingless bees, and rattle-less rattlesnakes. There are models in our past of how to work without information technology. News reporters, in the wake of the recent Justice Department blanket raid of AP phone records, are watching All the President's Men again and realizing the best way to talk with a source is not by email or text, but in a shadowy parking garage. I recall pulling out a notebook to jot some ideas during a meeting I had at the venerable Cosmos Club in Washington, DC. I was quickly and discretely chastised by my host, who informed me that one does not take notes in the Cosmos Club. No one would say this rule has hampered the many expeditions supported, deals created, and confidences shared in the Club's 135-year history, but it has preserved their integrity in a perpetually leaky city. Yahoo's decision to put a stop to employee telecommuting was made for many reasons (which vary depending on who you ask), but one of the underappreciated benefits is that it adds to the company's security by requiring fewer online conversations about new technologies and acquisitions. Not to mention petty spats between employees; now those are presumably carried out the old-fashioned way, in whispered hushes at the water cooler. There are organisms that avoid security problems altogether. Certain deep-sea animals are so far removed from any competition that they live quite easily in their isolation. Unfortunately, they don't evolve and change, they don't transform resources or innovate — in fact, they don't do much of anything. Provided you want your organization to grow and innovate, you can't reject technology altogether and you can't wall yourself off from all threats. The best bet is to do what the most successful organisms on Earth do — accept the risk and adapt to the changes. Please follow Science on Twitter and Facebook.Join the conversation about this story »

By Olga KharifDigital currencies and the software developed to track them have become attractive targets for cybercriminals while also creating a lucrative new market for computer-security firms.In less than a decade, hackers have stolen $1.2 billion worth of Bitcoin and rival currency Ether, according to Lex Sokolin, global director of fintech strategy at Autonomous Research LLP. Given the currencies' explosive surge at the end of 2017, the cost in today's money is much higher."It looks like crypto hacking is a $200 million annual revenue industry," Sokolin said.

The volume of attacks hitting individual company firewalls passed the 1,000 per day mark, on average, for the first time in November last year.
While a third of attacks against UK businesses attempted to access company databases in the first quarter of 2016, cyber criminals have since shifted their focus to connected devices such as networked security cameras and building control systems that can be controlled remotely over the internet.

Small businesses must be more proactive to protect themselves against cyber attacks and make the issue a core part of their business strategy for 2016. That’s according to the Cyber Streetwise Forum, a group of specialists in business and technology that came together for the first time in London last week to discuss the latest online trends and threats to affect small businesses and consumers.

New York (AFP) - Investigators were digging Thursday to find who initiated and what was taken in an apparent intense hacker effort this month to penetrate the systems of US banks including JPMorgan Chase.

China has developed an offensive cyberweapon that can redirect internet traffic to attack targeted websites, say researchers from Citizen Lab, a cyber security think-tank housed at the Munk School of Global Affairs in the University of Toronto.
In a recent report, researchers show that this tool — which they have dubbed China’s ‘Great Cannon’ — intercepts foreign web traffic, injects it with malicious code and then uses it to serve Chinese interests by directing it to overwhelm chosen websites.

If we've learned anything about cyber security in 2014, it's that hackers are becoming more of a threat than ever before. Within the past two months companies such as Microsoft, AOL, and eBay have been the victim of security breaches.